CVE-2018-9851
Gxlcms QY v1.0.0713 contains an arbitrary file-read vulnerability in Lib\Lib\Action\Admin\TplAction.class.php. The root cause is a path traversal flaw that permits remote attackers to read files by supplying a modified pathname in an Admin-Tpl request, demonstrated via using '|' as a directory se...